    io_uring: fix possible deadlock between io_uring_{enter,register} · 021689d2
    Committed by Jens Axboe
    commit b19062a567266ee1f10f6709325f766bbcc07d1c upstream.
    
    If we have multiple threads, one doing io_uring_enter() while the other
    is doing io_uring_register(), we can run into a deadlock between the
    two. io_uring_register() must wait for existing users of the io_uring
    instance to exit. But it does so while holding the io_uring mutex.
    Callers of io_uring_enter() may need this mutex to make progress (and
    eventually exit). If we wait for users to exit in io_uring_register(),
    we can't do so with the io_uring mutex held without potentially risking
    a deadlock.
    
    Drop the io_uring mutex while waiting for existing callers to exit. This
    is safe and guaranteed to make forward progress, since we already killed
    the percpu ref before doing so. Hence later callers of io_uring_enter()
    will be rejected.
    
    Reported-by: syzbot+16dc03452dee970a0c3e@syzkaller.appspotmail.com
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
    Reviewed-by: Jeffle Xu <jefflexu@linux.alibaba.com>
    Acked-by: Caspar Zhang <caspar@linux.alibaba.com>
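A userspace model of the locking order the commit message describes, added here as an illustration; it is not the kernel patch or any code from this commit. The struct, the function names and the pthread primitives standing in for the io_uring mutex and the percpu ref are assumptions.

```c
#include <pthread.h>
#include <sched.h>

struct ring {  /* userspace model, constructed for illustration; not kernel code */
    pthread_mutex_t uring_lock;  /* stands in for the io_uring mutex */
    pthread_mutex_t ref_lock;    /* protects refs and dying */
    pthread_cond_t ref_zero;     /* signalled when the last user exits */
    int refs, dying, registered;
};

static int enter_begin(struct ring *r) {  /* take a ref; refused once it is killed */
    pthread_mutex_lock(&r->ref_lock);
    int ok = !r->dying;
    r->refs += ok;
    pthread_mutex_unlock(&r->ref_lock);
    return ok ? 0 : -1;
}

static void enter_finish(struct ring *r) {  /* needs the mutex to progress, then exits */
    pthread_mutex_lock(&r->uring_lock);
    pthread_mutex_unlock(&r->uring_lock);
    pthread_mutex_lock(&r->ref_lock);
    if (--r->refs == 0) pthread_cond_signal(&r->ref_zero);
    pthread_mutex_unlock(&r->ref_lock);
}

static void *do_register(void *arg) {
    struct ring *r = arg;
    pthread_mutex_lock(&r->uring_lock);
    pthread_mutex_lock(&r->ref_lock);
    r->dying = 1;                          /* kill the ref: no new users */
    pthread_mutex_unlock(&r->uring_lock);  /* the fix: never wait with the mutex held */
    while (r->refs > 0) pthread_cond_wait(&r->ref_zero, &r->ref_lock);
    pthread_mutex_unlock(&r->ref_lock);
    pthread_mutex_lock(&r->uring_lock);    /* retake it for the registration itself */
    r->registered = 1;
    pthread_mutex_unlock(&r->uring_lock);
    return NULL;
}

/* One caller is already inside "enter" when "register" starts; returns 0 if all is well. */
static int run_scenario(void) {
    struct ring r = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER };
    pthread_t t;
    if (enter_begin(&r) != 0 || pthread_create(&t, NULL, do_register, &r) != 0) return 1;
    while (enter_begin(&r) == 0) { enter_finish(&r); sched_yield(); }  /* until callers are rejected */
    enter_finish(&r);  /* would block forever had register kept the mutex while waiting */
    pthread_join(t, NULL);
    return (r.registered == 1 && enter_begin(&r) == -1) ? 0 : 2;
}
```

Build with `cc -pthread`; the model leaves the reference killed after registration, so the final `enter_begin()` is still rejected.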